Technical Field
This disclosure relates generally to deploying applications in a “cloud” compute environment.
Background of the Related Art
An emerging information technology (IT) delivery model is cloud computing, by which shared resources, software and information are provided over the Internet to computers and other devices on-demand. Cloud computing can significantly reduce IT costs and complexities while improving workload optimization and service delivery. With this approach, an application instance can be hosted and made available from Internet-based resources that are accessible through a conventional Web browser over HTTP. An example application might be one that provides a common set of messaging functions, such as email, calendaring, contact management, and instant messaging. A user would then access the service directly over the Internet. Using this service, an enterprise would place its email, calendar and/or collaboration infrastructure in the cloud, and an end user would use an appropriate client to access his or her email, or perform a calendar operation.
Cloud compute resources are typically housed in large server farms that run one or more network applications, typically using a virtualized architecture wherein applications run inside virtual servers, or so-called “virtual machines” (VMs), that are mapped onto physical servers in a data center facility. The virtual machines typically run on top of a hypervisor, which is a control program that allocates physical resources to the virtual machines.
It is known in the art to provide appliance-based or platform-based solutions to facilitate rapid adoption and deployment of cloud-based offerings. Typically, a cloud-based offering is deployed as a cloud application package. One such appliance that may be used for this purpose is IBM® Workload Deployer, which is based on the IBM DataPower® 7199/9005 product family. Typically, the appliance is positioned directly between the business workloads that many organizations use and the underlying cloud infrastructure and platform components. Alternatively, cloud application packages may be deployed using platform-as-a-service (PAS) infrastructure, such as the IBM® SmartCloud® Orchestrator open cloud management platform. A management platform of this type typically comprises several layers including an infrastructure services layer for provisioning, configuring and managing storage, compute and network resources, a platform services layer, and an orchestration services layer to provide business process management. The platform services layer includes virtual machine image lifecycle management capabilities and related services.
As security software deployments become increasingly complex, application developers are further removed from the inner workings of the security environment. As a consequence, security operations often are left to the security experts. The move to virtualization and private clouds, however, empowers application developers with more and more operational capability. Application developers then find themselves in a difficult position. In particular, when putting an application into production, the developer may not have the necessary background and context to evaluate properly the security impact and needs of his or her application. Today, application developers often work with security experts to design a strategy for secure application deployment. The security expert, however, may encounter the same problem, but from the other direction. As applications and middleware become increasingly complex and virtualized, the security expert may not fully understand the application to properly evaluate its security impact and needs.
Cloud bursting refers to the notion of moving applications to the cloud in time of high-demand, often using clone techniques. Cloud burst targets may be public clouds providing remote compute capability, for example, bursting a local enterprise application into a public cloud to meet peak demand. Security capabilities in the cloud burst target, however, may be different and/or more limited than security capabilities in the enterprise environment. The cloud burst scenario then needs to take into account differences in security capabilities for the new environment.